New Threats Fuel Fears of Another Global Cyberattack
A new fast-spreading computer attack and a hacking group's threat to release a fresh trove of stolen cyberweapons are fueling fears among businesses and security experts of another global technology assault.
The new attack, called Adylkuzz, follows last week's WannaCry outbreak, which crippled computers in more than 100 countries over the weekend. Unlike its predecessor, Adylkuzz doesn't lock up computer screens, but slows down systems as it quietly steals processing power to generate a little-known digital currency called Monero.
The news comes a day after a hacking group called the Shadow Brokers separately posted an internet message saying it would release a new trove of cyberattack tools next month. The group claimed to have software that would affect web browsers, routers, mobile phones and Microsoft Corp.'s Windows 10 operating system. Its first trove, which it and Microsoft said was stolen from the National Security Agency, was dumped last month and used by WannaCry.
A Microsoft spokeswoman said the company is aware of the new Shadow Brokers claim and that its security teams actively monitor for emerging threats. The NSA has declined to comment on the authenticity of the Shadow Brokers documents or the WannaCry attack.
The threats highlight the growing risks of global assaults for businesses and governments posed by a nexus of mysterious hackers and powerful, government-crafted cyberweapons.
"In a few years we're going to be looking back and saying that 2017 was clearly a turning point," said Edward Amoroso, the former security chief at AT&T Inc. "That's when we started to see businesses affected. If your employees are coming in and they can't work, that's a big deal."
For companies looking to protect their systems, security experts agree on one piece of advice: install patches to Windows software now.
Still, that may not be enough to stop the next attack. "There's no wall you can build that's high enough or deep enough to keep a dedicated adversary out," said John Carlin, a former cybercrimes prosecutor at the Justice Department.
Larger companies will need to step up their security training, patching and planning, he says. Smaller mom-and-pop businesses may need to hand over security to companies that specialize in these services. "It's crazy to expect a mom-and-pop to on their own have to deal with cybersecurity issues," said Mr. Carlin, now the chair of the law firm Morrison & Foerster LLP's global risk and crisis management practice.
Corporate computer security spending is expected to hit $90 billion world-wide this year, an increase of 7.6% from a year earlier, according to research firm Gartner Inc.
The Shadow Brokers' release of what it says are U.S. government hacking tools comes after WikiLeaks in March published a cache of alleged Central Intelligence Agency cybersecrets, offering a window into a world where the research and development of computer attacks has become increasingly professionalized.
The stage for today's cyberattacks was set more than a decade ago. In the mid-2000s, Microsoft, embarrassed by a series of computer worm and virus outbreaks, began to comb through its software for bugs and develop new coding techniques designed to thwart hackers. At the same time, hackers discovered they could command large fees for their work.
Apple Inc., for example, pays $200,000 for details on the most severe bugs affecting its software. Government agencies and private corporations often pay more, especially if the research includes "exploit code" that can be used in an attack. Last year, the Federal Bureau of Investigation paid more than $1 million for a hacking tool that gave it access to the iPhone used by the gunman in the San Bernardino, Calif., attack.
All of this has helped push underground bugs such as the one used in WannaCry and the "exploit" code that leverages them. That means companies such as Microsoft are often unaware they exist, said David Aitel, chief executive at Immunity Inc., a computer-security services company. "There's a scarcity of high-quality attack tools," he said.
But if companies thought the risk of attacks had evaporated, WannaCry served as a wake-up call. While few victims appear to have paid the $300 ransom WannaCry demanded from affected users, the software affected hundreds of thousands of systems, including networks at Renault SA and Britain's public health service. It not only rendered computers unusable but deployed encryption to make data stored on them unreadable.
The attack could have been much worse if it had made sensitive corporate information public, said Mr. Aitel, a former NSA analyst.
Recent events are "a taste of the kind of threats we may be facing going forward," said Virginia Sen. Mark Warner, the top Democrat on the Senate Intelligence Committee, which oversees the nation's spy agencies. "I'm not sure if the whole of government -- or for that matter, the whole of society -- is fully prepared."
Another computer worm may soon appear, either based on the Shadow Brokers' code used by WannaCry or similarly devastating code released by Shadow Brokers in April that was used on Microsoft's Remote Desktop Protocol software, said Robert M. Lee, chief executive of security consultancy Dragos Inc.
And while it isn't known yet how dangerous any new releases might be, "everything the Shadow Brokers have talked about leaking so far has been legitimate," he said.
Microsoft, whose Windows software is the most frequent target of attacks, is calling on governments to report software flaws rather than stockpiling or exploiting them.
"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," Brad Smith, the company's top lawyer, wrote in a blog post Sunday.
Given the widespread use of these attacks, and the fact that nations such as North Korea are unlikely to abide by international cybersecurity conventions akin to those proposed by Microsoft, Immunity's Mr. Aitel says such suggestions aren't likely to be adopted. "No country on earth thinks this is a good idea," he said.
--Natalie Andrews contributed to this article.
(END) Dow Jones Newswires
May 17, 2017 13:52 ET (17:52 GMT)